This update for libxml2 fixes the following issues: Security issues fixed :
- CVE-2017-8872: Out-of-bounds read in htmlParseTryOrFinish. (bsc#1038444)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
{"id": "SUSE_SU-2017-2141-1.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:2141-1)", "description": "This update for libxml2 fixes the following issues: Security issues fixed :\n\n - CVE-2017-8872: Out-of-bounds read in htmlParseTryOrFinish. (bsc#1038444)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-08-14T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/102474", "reporter": "This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=1038444", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872", "http://www.nessus.org/u?cd1c7959", "https://www.suse.com/security/cve/CVE-2017-8872/"], "cvelist": ["CVE-2017-8872"], "immutableFields": [], "lastseen": "2021-08-19T12:35:42", "viewCount": 37, "enchantments": {"dependencies": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:A2488D03CBE987233F934844F44A3BB5"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1640697315", "CLSA-2022:1641903536"]}, {"type": "cve", "idList": ["CVE-2017-8872"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2369-1:46D38", "DEBIAN:DLA-2369-1:E14AE"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-8872"]}, {"type": "fedora", "idList": ["FEDORA:790F1618AE54", "FEDORA:CCFB3631D0F6"]}, {"type": "freebsd", "idList": ["76E59F55-4F7A-4887-BCB0-11604004163A"]}, {"type": "ibm", "idList": ["1695654077F888DBA5D74372BE319A101D1D52DECCCA129B96319385DBC072A0", "C596338966F1610A28DC01FBB21502CC71651B70DBC8B96D9603EBE432E4D5E6"]}, {"type": "ics", "idList": ["ICSA-21-336-06"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2369.NASL", "EULEROS_SA-2019-2211.NASL", "EULEROS_SA-2019-2491.NASL", "EULEROS_SA-2019-2626.NASL", "EULEROS_SA-2020-1268.NASL", "FEDORA_2018-A6B59D8F78.NASL", "FEDORA_2018-DB610FFF5B.NASL", "FREEBSD_PKG_76E59F554F7A4887BCB011604004163A.NASL", "OPENSUSE-2017-942.NASL", "PHOTONOS_PHSA-2017-0029.NASL", "PHOTONOS_PHSA-2017-0029_LIBXML2.NASL", "SUSE_SU-2017-2115-1.NASL", "UBUNTU_USN-4991-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813437", "OPENVAS:1361412562310874073", "OPENVAS:1361412562310874119", "OPENVAS:1361412562311220192211", "OPENVAS:1361412562311220192491", "OPENVAS:1361412562311220192626", "OPENVAS:1361412562311220201268"]}, {"type": "osv", "idList": ["OSV:DLA-2369-1"]}, {"type": "photon", "idList": ["PHSA-2017-0029"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-8872"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2470-1", "SUSE-SU-2017:2701-1"]}, {"type": "ubuntu", "idList": ["USN-4991-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-8872"]}, {"type": "veracode", "idList": ["VERACODE:28331"]}]}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:A2488D03CBE987233F934844F44A3BB5"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1640697315"]}, {"type": "cve", "idList": ["CVE-2017-8872"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2369-1:E14AE"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-8872"]}, {"type": "fedora", "idList": ["FEDORA:790F1618AE54"]}, {"type": "freebsd", "idList": ["76E59F55-4F7A-4887-BCB0-11604004163A"]}, {"type": "ibm", "idList": ["1695654077F888DBA5D74372BE319A101D1D52DECCCA129B96319385DBC072A0"]}, {"type": "nessus", "idList": ["OPENSUSE-2017-942.NASL", "SUSE_SU-2017-2115-1.NASL", "UBUNTU_USN-4991-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107443"]}, {"type": "photon", "idList": ["PHSA-2017-0029"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-8872"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2470-1"]}, {"type": "ubuntu", "idList": ["USN-4991-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-8872"]}]}, "exploitation": null, "vulnersScore": 0.1}, "pluginID": "102474", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2141-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102474);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-8872\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:2141-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-8872: Out-of-bounds read in\n htmlParseTryOrFinish. (bsc#1038444)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8872/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172141-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd1c7959\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1326=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1326=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1326=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1326=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1326=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1326=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1326=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1326=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-2-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-2-debuginfo-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-debugsource-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-tools-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-tools-debuginfo-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-libxml2-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-libxml2-debuginfo-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-libxml2-debugsource-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-2-32bit-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-2-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-2-debuginfo-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-debugsource-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-tools-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-tools-debuginfo-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-libxml2-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-libxml2-debuginfo-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-libxml2-debugsource-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-2-32bit-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-2-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-debugsource-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-tools-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-tools-debuginfo-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-libxml2-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-libxml2-debuginfo-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-libxml2-debugsource-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-debugsource-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-debuginfo-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debuginfo-2.9.4-46.3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debugsource-2.9.4-46.3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-2", "p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-debugsource", "p-cpe:/a:novell:suse_linux:libxml2-tools", "p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2", "p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2-debugsource", "cpe:/o:novell:suse_linux:12"], "solution": "To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1326=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1326=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1326=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1326=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1326=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1326=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1326=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1326=1\n\nTo bring your system up-to-date, use 'zypper patch'.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2017-08-11T00:00:00", "vulnerabilityPublicationDate": "2017-05-10T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1659988328, "score": 1659966067}, "_internal": {"score_hash": "0434fa9f1b7f35fb359cd197b29d595c"}}
{"ubuntucve": [{"lastseen": "2022-10-15T15:03:07", "description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows\nattackers to cause a denial of service (buffer over-read) or information\ndisclosure.\n\n#### Bugs\n\n * <https://bugzilla.gnome.org/show_bug.cgi?id=775200>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862450>\n * <https://gitlab.gnome.org/GNOME/libxml2/issues/26>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | fix debian used isn't the final upstream fix\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-05-10T00:00:00", "type": "ubuntucve", "title": "CVE-2017-8872", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8872"], "modified": "2017-05-10T00:00:00", "id": "UB:CVE-2017-8872", "href": "https://ubuntu.com/security/CVE-2017-8872", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:36:01", "description": "This update for libxml2 fixes the following issues :\n\n - CVE-2017-8872: Out-of-bounds read could lead to application crash (bsc#1038444)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-08-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:2115-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8872"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-doc", "p-cpe:/a:novell:suse_linux:libxml2-python", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2115-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102353", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2115-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102353);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-8872\");\n\n script_name(english:\"SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:2115-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes the following issues :\n\n - CVE-2017-8872: Out-of-bounds read could lead to\n application crash (bsc#1038444)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8872/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172115-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75ff62a3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-libxml2-13228=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-libxml2-13228=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-libxml2-13228=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.6-0.77.3.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libxml2-32bit-2.7.6-0.77.3.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-2.7.6-0.77.3.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-doc-2.7.6-0.77.3.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-python-2.7.6-0.77.3.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-05-25T17:23:06", "description": "An update of the libxml2 package has been released.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Libxml2 PHSA-2017-0029", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8872"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libxml2", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0029_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/121723", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0029. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121723);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\"CVE-2017-8872\");\n\n script_name(english:\"Photon OS 1.0: Libxml2 PHSA-2017-0029\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libxml2 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-62.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8872\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'None');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-2.9.4-7.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-debuginfo-2.9.4-7.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-devel-2.9.4-7.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"libxml2-python-2.9.4-7.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:36:01", "description": "This update for libxml2 fixes the following security issue :\n\n - CVE-2017-8872: Out-of-bounds read in htmlParseTryOrFinish. (bsc#1038444)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-08-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libxml2 (openSUSE-2017-942)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8872"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libxml2-2", "p-cpe:/a:novell:opensuse:libxml2-2-32bit", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libxml2-debugsource", "p-cpe:/a:novell:opensuse:libxml2-devel", "p-cpe:/a:novell:opensuse:libxml2-devel-32bit", "p-cpe:/a:novell:opensuse:libxml2-tools", "p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2", "p-cpe:/a:novell:opensuse:python-libxml2-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2-debugsource", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-942.NASL", "href": "https://www.tenable.com/plugins/nessus/102561", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-942.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102561);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-8872\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (openSUSE-2017-942)\");\n script_summary(english:\"Check for the openSUSE-2017-942 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes the following security issue :\n\n - CVE-2017-8872: Out-of-bounds read in\n htmlParseTryOrFinish. (bsc#1038444)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038444\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-2-2.9.4-5.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-2-debuginfo-2.9.4-5.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-debugsource-2.9.4-5.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-devel-2.9.4-5.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-tools-2.9.4-5.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libxml2-tools-debuginfo-2.9.4-5.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"python-libxml2-2.9.4-5.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"python-libxml2-debuginfo-2.9.4-5.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"python-libxml2-debugsource-2.9.4-5.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-5.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-5.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.4-5.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-2-2.9.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-2-debuginfo-2.9.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-debugsource-2.9.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-devel-2.9.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-tools-2.9.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-tools-debuginfo-2.9.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-libxml2-2.9.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-libxml2-debuginfo-2.9.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-libxml2-debugsource-2.9.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.4-12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2-2 / libxml2-2-32bit / libxml2-2-debuginfo / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-09-27T14:39:37", "description": "Update to 2.9.7 which hopefully fixes all security issues\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-15T00:00:00", "type": "nessus", "title": "Fedora 26 : libxml2 (2018-a6b59d8f78)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4658", "CVE-2016-5131", "CVE-2017-8872", "CVE-2017-9047"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libxml2", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-A6B59D8F78.NASL", "href": "https://www.tenable.com/plugins/nessus/106828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-a6b59d8f78.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106828);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2017-8872\", \"CVE-2017-9047\");\n script_xref(name:\"FEDORA\", value:\"2018-a6b59d8f78\");\n\n script_name(english:\"Fedora 26 : libxml2 (2018-a6b59d8f78)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.9.7 which hopefully fixes all security issues\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-a6b59d8f78\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"libxml2-2.9.7-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-27T14:37:25", "description": "Update to 2.9.7 which hopefully fixes all security issues\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "Fedora 27 : libxml2 (2018-db610fff5b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4658", "CVE-2016-5131", "CVE-2017-8872", "CVE-2017-9047"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libxml2", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-DB610FFF5B.NASL", "href": "https://www.tenable.com/plugins/nessus/106521", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-db610fff5b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106521);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2017-8872\", \"CVE-2017-9047\");\n script_xref(name:\"FEDORA\", value:\"2018-db610fff5b\");\n\n script_name(english:\"Fedora 27 : libxml2 (2018-db610fff5b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.9.7 which hopefully fixes all security issues\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-db610fff5b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"libxml2-2.9.7-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T16:13:55", "description": "libxml2 developers report :\n\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.\n\nA buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about 'size' many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash.\nThis vulnerability exists because of an incomplete fix for libxml2 Bug 759398.\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash.\nThis vulnerability exists because of an incomplete fix for CVE-2016-1839.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-12-14T00:00:00", "type": "nessus", "title": "FreeBSD : libxml2 -- Multiple Issues (76e59f55-4f7a-4887-bcb0-11604004163a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1839", "CVE-2017-8872", "CVE-2017-9047", "CVE-2017-9048", "CVE-2017-9049", "CVE-2017-9050"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libxml2", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_76E59F554F7A4887BCB011604004163A.NASL", "href": "https://www.tenable.com/plugins/nessus/105216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105216);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-8872\", \"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\");\n\n script_name(english:\"FreeBSD : libxml2 -- Multiple Issues (76e59f55-4f7a-4887-bcb0-11604004163a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libxml2 developers report :\n\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4\nallows attackers to cause a denial of service (buffer over-read) or\ninformation disclosure.\n\nA buffer overflow was discovered in libxml2\n20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in\nvalid.c is supposed to recursively dump the element content definition\ninto a char buffer 'buf' of size 'size'. The variable len is assigned\nstrlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then\n(i) the content->prefix is appended to buf (if it actually fits)\nwhereupon (ii) content->name is written to the buffer. However, the\ncheck for whether the content->name actually fits also uses 'len'\nrather than the updated buffer length strlen(buf). This allows us to\nwrite about 'size' many bytes beyond the allocated memory. This\nvulnerability causes programs that use libxml2, such as PHP, to crash.\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based\nbuffer overflow. The function xmlSnprintfElementContent in valid.c is\nsupposed to recursively dump the element content definition into a\nchar buffer 'buf' of size 'size'. At the end of the routine, the\nfunction may strcat two more characters without checking whether the\ncurrent strlen(buf) + 2 < size. This vulnerability causes programs\nthat use libxml2, such as PHP, to crash.\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based\nbuffer over-read in the xmlDictComputeFastKey function in dict.c. This\nvulnerability causes programs that use libxml2, such as PHP, to crash.\nThis vulnerability exists because of an incomplete fix for libxml2 Bug\n759398.\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based\nbuffer over-read in the xmlDictAddString function in dict.c. This\nvulnerability causes programs that use libxml2, such as PHP, to crash.\nThis vulnerability exists because of an incomplete fix for\nCVE-2016-1839.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.gnome.org/show_bug.cgi?id=775200\"\n );\n # http://www.openwall.com/lists/oss-security/2017/05/15/1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2017/05/15/1\"\n );\n # http://www.securityfocus.com/bid/98599\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/bid/98599\"\n );\n # http://www.openwall.com/lists/oss-security/2017/05/15/1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2017/05/15/1\"\n );\n # http://www.securityfocus.com/bid/98556\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/bid/98556\"\n );\n # http://www.openwall.com/lists/oss-security/2017/05/15/1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2017/05/15/1\"\n );\n # http://www.securityfocus.com/bid/98601\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/bid/98601\"\n );\n # http://www.openwall.com/lists/oss-security/2017/05/15/1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2017/05/15/1\"\n );\n # http://www.securityfocus.com/bid/98568\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/bid/98568\"\n );\n # https://vuxml.freebsd.org/freebsd/76e59f55-4f7a-4887-bcb0-11604004163a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fff120c8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxml2<=2.9.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-03-24T21:20:35", "description": "According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.(CVE-2017-9050)\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.(CVE-2017-9049)\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.(CVE-2017-9048)\n\n - The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.(CVE-2017-8872)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.8, if\n --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.(CVE-2018-9251)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2020-03-20T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : libxml2 (EulerOS-SA-2020-1268)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8035", "CVE-2016-1839", "CVE-2017-8872", "CVE-2017-9048", "CVE-2017-9049", "CVE-2017-9050", "CVE-2018-14567", "CVE-2018-9251"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2020-1268.NASL", "href": "https://www.tenable.com/plugins/nessus/134734", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134734);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-8872\",\n \"CVE-2017-9048\",\n \"CVE-2017-9049\",\n \"CVE-2017-9050\",\n \"CVE-2018-14567\",\n \"CVE-2018-9251\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : libxml2 (EulerOS-SA-2020-1268)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxml2 packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a\n heap-based buffer over-read in the xmlDictAddString\n function in dict.c. This vulnerability causes programs\n that use libxml2, such as PHP, to crash. This\n vulnerability exists because of an incomplete fix for\n CVE-2016-1839.(CVE-2017-9050)\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a\n heap-based buffer over-read in the\n xmlDictComputeFastKey function in dict.c. This\n vulnerability causes programs that use libxml2, such as\n PHP, to crash. This vulnerability exists because of an\n incomplete fix for libxml2 Bug 759398.(CVE-2017-9049)\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a\n stack-based buffer overflow. The function\n xmlSnprintfElementContent in valid.c is supposed to\n recursively dump the element content definition into a\n char buffer 'buf' of size 'size'. At the end of the\n routine, the function may strcat two more characters\n without checking whether the current strlen(buf) + 2 <\n size. This vulnerability causes programs that use\n libxml2, such as PHP, to crash.(CVE-2017-9048)\n\n - The htmlParseTryOrFinish function in HTMLparser.c in\n libxml2 2.9.4 allows attackers to cause a denial of\n service (buffer over-read) or information\n disclosure.(CVE-2017-8872)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.8, if\n --with-lzma is used, allows remote attackers to cause a\n denial of service (infinite loop) via a crafted XML\n file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated\n by xmllint, a different vulnerability than\n CVE-2015-8035.(CVE-2018-9251)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted XML file that triggers\n LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a\n different vulnerability than CVE-2015-8035 and\n CVE-2018-9251.(CVE-2018-14567)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1268\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?814b9c2e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h17\",\n \"libxml2-devel-2.9.1-6.3.h17\",\n \"libxml2-python-2.9.1-6.3.h17\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-05-15T14:01:14", "description": "Several security vulnerabilities were corrected in libxml2, the GNOME XML library.\n\nCVE-2017-8872\n\nGlobal buffer-overflow in the htmlParseTryOrFinish function.\n\nCVE-2017-18258\n\nThe xz_head function in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.\n\nCVE-2018-14404\n\nA NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\nApplications processing untrusted XSL format inputs may be vulnerable to a denial of service attack.\n\nCVE-2018-14567\n\nIf the option --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file.\n\nCVE-2019-19956\n\nThe xmlParseBalancedChunkMemoryRecover function has a memory leak related to newDoc->oldNs.\n\nCVE-2019-20388\n\nA memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service.\n\nCVE-2020-7595\n\nInfinite loop in xmlStringLenDecodeEntities can cause a denial of service.\n\nCVE-2020-24977\n\nOut-of-bounds read restricted to xmllint --htmlout.\n\nFor Debian 9 stretch, these problems have been fixed in version 2.9.4+dfsg1-2.2+deb9u3.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFor the detailed security status of libxml2 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/libxml2\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2020-09-10T00:00:00", "type": "nessus", "title": "Debian DLA-2369-1 : libxml2 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18258", "CVE-2017-8872", "CVE-2018-14404", "CVE-2018-14567", "CVE-2019-19956", "CVE-2019-20388", "CVE-2020-24977", "CVE-2020-7595"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxml2", "p-cpe:/a:debian:debian_linux:libxml2-dbg", "p-cpe:/a:debian:debian_linux:libxml2-dev", "p-cpe:/a:debian:debian_linux:libxml2-doc", "p-cpe:/a:debian:debian_linux:libxml2-utils", "p-cpe:/a:debian:debian_linux:libxml2-utils-dbg", "p-cpe:/a:debian:debian_linux:python-libxml2", "p-cpe:/a:debian:debian_linux:python-libxml2-dbg", "p-cpe:/a:debian:debian_linux:python3-libxml2", "p-cpe:/a:debian:debian_linux:python3-libxml2-dbg", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2369.NASL", "href": "https://www.tenable.com/plugins/nessus/140469", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2369-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140469);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2017-18258\", \"CVE-2017-8872\", \"CVE-2018-14404\", \"CVE-2018-14567\", \"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-24977\", \"CVE-2020-7595\");\n\n script_name(english:\"Debian DLA-2369-1 : libxml2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several security vulnerabilities were corrected in libxml2, the GNOME\nXML library.\n\nCVE-2017-8872\n\nGlobal buffer-overflow in the htmlParseTryOrFinish function.\n\nCVE-2017-18258\n\nThe xz_head function in libxml2 allows remote attackers to cause a\ndenial of service (memory consumption) via a crafted LZMA file,\nbecause the decoder functionality does not restrict memory usage to\nwhat is required for a legitimate file.\n\nCVE-2018-14404\n\nA NULL pointer dereference vulnerability exists in the\nxpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an\ninvalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\nApplications processing untrusted XSL format inputs may be vulnerable\nto a denial of service attack.\n\nCVE-2018-14567\n\nIf the option --with-lzma is used, allows remote attackers to cause a\ndenial of service (infinite loop) via a crafted XML file.\n\nCVE-2019-19956\n\nThe xmlParseBalancedChunkMemoryRecover function has a memory leak\nrelated to newDoc->oldNs.\n\nCVE-2019-20388\n\nA memory leak was found in the xmlSchemaValidateStream function of\nlibxml2. Applications that use this library may be vulnerable to\nmemory not being freed leading to a denial of service.\n\nCVE-2020-7595\n\nInfinite loop in xmlStringLenDecodeEntities can cause a denial of\nservice.\n\nCVE-2020-24977\n\nOut-of-bounds read restricted to xmllint --htmlout.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.9.4+dfsg1-2.2+deb9u3.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFor the detailed security status of libxml2 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/libxml2\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libxml2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/libxml2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-24977\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libxml2\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-dev\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-doc\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-utils\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-libxml2\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-libxml2-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3-libxml2\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3-libxml2-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-09-20T16:32:34", "description": "According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android.\n Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.(CVE-2017-0663)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)\n\n - The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.(CVE-2017-8872)\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.(CVE-2017-9048)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.(CVE-2015-8035)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.(CVE-2017-18258)\n\n - ** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states 'I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.'(CVE-2017-5969)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-2491)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8035", "CVE-2017-0663", "CVE-2017-18258", "CVE-2017-5969", "CVE-2017-8872", "CVE-2017-9048", "CVE-2018-14567", "CVE-2018-9251"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2491.NASL", "href": "https://www.tenable.com/plugins/nessus/131644", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131644);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2015-8035\",\n \"CVE-2017-0663\",\n \"CVE-2017-5969\",\n \"CVE-2017-8872\",\n \"CVE-2017-9048\",\n \"CVE-2017-18258\",\n \"CVE-2018-14567\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-2491)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A remote code execution vulnerability in libxml2 could\n enable an attacker using a specially crafted file to\n execute arbitrary code within the context of an\n unprivileged process. This issue is rated as High due\n to the possibility of remote code execution in an\n application that uses this library. Product: Android.\n Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1,\n 7.1.2. Android ID: A-37104170.(CVE-2017-0663)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted XML file that triggers\n LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a\n different vulnerability than CVE-2015-8035 and\n CVE-2018-9251.(CVE-2018-14567)\n\n - The htmlParseTryOrFinish function in HTMLparser.c in\n libxml2 2.9.4 allows attackers to cause a denial of\n service (buffer over-read) or information\n disclosure.(CVE-2017-8872)\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a\n stack-based buffer overflow. The function\n xmlSnprintfElementContent in valid.c is supposed to\n recursively dump the element content definition into a\n char buffer 'buf' of size 'size'. At the end of the\n routine, the function may strcat two more characters\n without checking whether the current strlen(buf) + 2 <\n size. This vulnerability causes programs that use\n libxml2, such as PHP, to crash.(CVE-2017-9048)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does\n not properly detect compression errors, which allows\n context-dependent attackers to cause a denial of\n service (process hang) via crafted XML\n data.(CVE-2015-8035)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6\n allows remote attackers to cause a denial of service\n (memory consumption) via a crafted LZMA file, because\n the decoder functionality does not restrict memory\n usage to what is required for a legitimate\n file.(CVE-2017-18258)\n\n - ** DISPUTED ** libxml2 2.9.4, when used in recover\n mode, allows remote attackers to cause a denial of\n service (NULL pointer dereference) via a crafted XML\n document. NOTE: The maintainer states 'I would disagree\n of a CVE with the Recover parsing option which should\n only be used for manual recovery at least for XML\n parser.'(CVE-2017-5969)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2491\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?43ee5278\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0663\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-8872\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h18\",\n \"libxml2-devel-2.9.1-6.3.h18\",\n \"libxml2-python-2.9.1-6.3.h18\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-25T14:35:47", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 / 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4991-1 advisory.\n\n - The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. (CVE-2017-8872)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. (CVE-2020-24977)\n\n - There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. (CVE-2021-3516)\n\n - There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. (CVE-2021-3517)\n\n - There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. (CVE-2021-3518)\n\n - A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. (CVE-2021-3537)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2021-06-17T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : libxml2 vulnerabilities (USN-4991-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8872", "CVE-2019-20388", "CVE-2020-24977", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3537", "CVE-2021-3541"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "cpe:/o:canonical:ubuntu_linux:21.04", "p-cpe:/a:canonical:ubuntu_linux:libxml2", "p-cpe:/a:canonical:ubuntu_linux:libxml2-dev", "p-cpe:/a:canonical:ubuntu_linux:libxml2-udeb", "p-cpe:/a:canonical:ubuntu_linux:libxml2-utils", "p-cpe:/a:canonical:ubuntu_linux:python-libxml2", "p-cpe:/a:canonical:ubuntu_linux:python3-libxml2"], "id": "UBUNTU_USN-4991-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150858", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4991-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150858);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2017-8872\",\n \"CVE-2019-20388\",\n \"CVE-2020-24977\",\n \"CVE-2021-3516\",\n \"CVE-2021-3517\",\n \"CVE-2021-3518\",\n \"CVE-2021-3537\",\n \"CVE-2021-3541\"\n );\n script_xref(name:\"USN\", value:\"4991-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : libxml2 vulnerabilities (USN-4991-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 / 21.04 host has packages installed that are affected by\nmultiple vulnerabilities as referenced in the USN-4991-1 advisory.\n\n - The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of\n service (buffer over-read) or information disclosure. (CVE-2017-8872)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at\n libxml2/entities.c. The issue has been fixed in commit 50f06b3e. (CVE-2020-24977)\n\n - There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted\n file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to\n confidentiality, integrity, and availability. (CVE-2021-3516)\n\n - There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker\n who is able to supply a crafted file to be processed by an application linked with the affected\n functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to\n application availability, with some potential impact to confidentiality and integrity if an attacker is\n able to use memory information to further exploit the application. (CVE-2021-3517)\n\n - There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to\n be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact\n from this flaw is to confidentiality, integrity, and availability. (CVE-2021-3518)\n\n - A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while\n parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery\n mode and post-validated, the flaw could be used to crash the application. The highest threat from this\n vulnerability is to system availability. (CVE-2021-3537)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4991-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3517\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-8872\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-libxml2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2022 Canonical, Inc. / NASL script (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10|21\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10 / 21.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'libxml2', 'pkgver': '2.9.3+dfsg1-1ubuntu0.7+esm1'},\n {'osver': '16.04', 'pkgname': 'libxml2-dev', 'pkgver': '2.9.3+dfsg1-1ubuntu0.7+esm1'},\n {'osver': '16.04', 'pkgname': 'libxml2-udeb', 'pkgver': '2.9.3+dfsg1-1ubuntu0.7+esm1'},\n {'osver': '16.04', 'pkgname': 'libxml2-utils', 'pkgver': '2.9.3+dfsg1-1ubuntu0.7+esm1'},\n {'osver': '16.04', 'pkgname': 'python-libxml2', 'pkgver': '2.9.3+dfsg1-1ubuntu0.7+esm1'},\n {'osver': '18.04', 'pkgname': 'libxml2', 'pkgver': '2.9.4+dfsg1-6.1ubuntu1.4'},\n {'osver': '18.04', 'pkgname': 'libxml2-dev', 'pkgver': '2.9.4+dfsg1-6.1ubuntu1.4'},\n {'osver': '18.04', 'pkgname': 'libxml2-udeb', 'pkgver': '2.9.4+dfsg1-6.1ubuntu1.4'},\n {'osver': '18.04', 'pkgname': 'libxml2-utils', 'pkgver': '2.9.4+dfsg1-6.1ubuntu1.4'},\n {'osver': '18.04', 'pkgname': 'python-libxml2', 'pkgver': '2.9.4+dfsg1-6.1ubuntu1.4'},\n {'osver': '18.04', 'pkgname': 'python3-libxml2', 'pkgver': '2.9.4+dfsg1-6.1ubuntu1.4'},\n {'osver': '20.04', 'pkgname': 'libxml2', 'pkgver': '2.9.10+dfsg-5ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libxml2-dev', 'pkgver': '2.9.10+dfsg-5ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libxml2-utils', 'pkgver': '2.9.10+dfsg-5ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'python-libxml2', 'pkgver': '2.9.10+dfsg-5ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'python3-libxml2', 'pkgver': '2.9.10+dfsg-5ubuntu0.20.04.1'},\n {'osver': '20.10', 'pkgname': 'libxml2', 'pkgver': '2.9.10+dfsg-5ubuntu0.20.10.2'},\n {'osver': '20.10', 'pkgname': 'libxml2-dev', 'pkgver': '2.9.10+dfsg-5ubuntu0.20.10.2'},\n {'osver': '20.10', 'pkgname': 'libxml2-utils', 'pkgver': '2.9.10+dfsg-5ubuntu0.20.10.2'},\n {'osver': '20.10', 'pkgname': 'python-libxml2', 'pkgver': '2.9.10+dfsg-5ubuntu0.20.10.2'},\n {'osver': '20.10', 'pkgname': 'python3-libxml2', 'pkgver': '2.9.10+dfsg-5ubuntu0.20.10.2'},\n {'osver': '21.04', 'pkgname': 'libxml2', 'pkgver': '2.9.10+dfsg-6.3ubuntu0.1'},\n {'osver': '21.04', 'pkgname': 'libxml2-dev', 'pkgver': '2.9.10+dfsg-6.3ubuntu0.1'},\n {'osver': '21.04', 'pkgname': 'libxml2-utils', 'pkgver': '2.9.10+dfsg-6.3ubuntu0.1'},\n {'osver': '21.04', 'pkgname': 'python3-libxml2', 'pkgver': '2.9.10+dfsg-6.3ubuntu0.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-dev / libxml2-udeb / libxml2-utils / python-libxml2 / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:28:07", "description": "An update of [ruby,cassandra,linux,libxml2] packages for PhotonOS has been released.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Cassandra / Libxml2 / Linux / Ruby PHSA-2017-0029 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000112", "CVE-2017-10911", "CVE-2017-3161", "CVE-2017-3162", "CVE-2017-7533", "CVE-2017-7542", "CVE-2017-8872", "CVE-2017-9228"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:cassandra", "p-cpe:/a:vmware:photonos:libxml2", "p-cpe:/a:vmware:photonos:linux", "p-cpe:/a:vmware:photonos:ruby", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0029.NASL", "href": "https://www.tenable.com/plugins/nessus/111878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0029. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111878);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\n \"CVE-2017-3161\",\n \"CVE-2017-3162\",\n \"CVE-2017-7533\",\n \"CVE-2017-7542\",\n \"CVE-2017-8872\",\n \"CVE-2017-9228\",\n \"CVE-2017-10911\",\n \"CVE-2017-1000112\"\n );\n\n script_name(english:\"Photon OS 1.0: Cassandra / Libxml2 / Linux / Ruby PHSA-2017-0029 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [ruby,cassandra,linux,libxml2] packages for PhotonOS has\nbeen released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-62\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f50b0a30\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3162\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:cassandra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"cassandra-3.10-5.ph1\",\n \"libxml2-2.9.4-7.ph1\",\n \"libxml2-debuginfo-2.9.4-7.ph1\",\n \"libxml2-devel-2.9.4-7.ph1\",\n \"libxml2-python-2.9.4-7.ph1\",\n \"linux-4.4.82-1.ph1\",\n \"linux-api-headers-4.4.82-1.ph1\",\n \"linux-debuginfo-4.4.82-1.ph1\",\n \"linux-dev-4.4.82-1.ph1\",\n \"linux-docs-4.4.82-1.ph1\",\n \"linux-drivers-gpu-4.4.82-1.ph1\",\n \"linux-esx-4.4.82-1.ph1\",\n \"linux-esx-debuginfo-4.4.82-1.ph1\",\n \"linux-esx-devel-4.4.82-1.ph1\",\n \"linux-esx-docs-4.4.82-1.ph1\",\n \"linux-oprofile-4.4.82-1.ph1\",\n \"linux-sound-4.4.82-1.ph1\",\n \"linux-tools-4.4.82-1.ph1\",\n \"ruby-2.4.0-5.ph1\",\n \"ruby-debuginfo-2.4.0-5.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cassandra / libxml2 / linux / ruby\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T17:02:04", "description": "According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.Security Fix(es):** DISPUTED\n ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE:\n The maintainer states 'I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.'(CVE-2017-5969)A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.(CVE-2018-14404)libxml2 2.9.8, if\n --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.(CVE-2017-9049)libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.(CVE-2017-9048)The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.(CVE-2017-8872)The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.(CVE-2015-8035)The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.(CVE-2017-18258)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-2626)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8035", "CVE-2017-18258", "CVE-2017-5969", "CVE-2017-8872", "CVE-2017-9048", "CVE-2017-9049", "CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2626.NASL", "href": "https://www.tenable.com/plugins/nessus/132161", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132161);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-8035\",\n \"CVE-2017-18258\",\n \"CVE-2017-5969\",\n \"CVE-2017-8872\",\n \"CVE-2017-9048\",\n \"CVE-2017-9049\",\n \"CVE-2018-14404\",\n \"CVE-2018-14567\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-2626)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - This library allows to manipulate XML files. It\n includes support to read, modify and write XML and HTML\n files. There is DTDs support this includes parsing and\n validation even with complex DtDs, either at parse time\n or later once the document has been modified. The\n output can be a simple SAX stream or and in-memory DOM\n like representations. In this case one can use the\n built-in XPath and XPointer implementation to select\n sub nodes or ranges. A flexible Input/Output mechanism\n is available, with existing HTTP and FTP modules and\n combined to an URI library.Security Fix(es):** DISPUTED\n ** libxml2 2.9.4, when used in recover mode, allows\n remote attackers to cause a denial of service (NULL\n pointer dereference) via a crafted XML document. NOTE:\n The maintainer states 'I would disagree of a CVE with\n the Recover parsing option which should only be used\n for manual recovery at least for XML\n parser.'(CVE-2017-5969)A NULL pointer dereference\n vulnerability exists in the\n xpath.c:xmlXPathCompOpEval() function of libxml2\n through 2.9.8 when parsing an invalid XPath expression\n in the XPATH_OP_AND or XPATH_OP_OR case. Applications\n processing untrusted XSL format inputs with the use of\n the libxml2 library may be vulnerable to a denial of\n service attack due to a crash of the\n application.(CVE-2018-14404)libxml2 2.9.8, if\n --with-lzma is used, allows remote attackers to cause a\n denial of service (infinite loop) via a crafted XML\n file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated\n by xmllint, a different vulnerability than\n CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)libxml2\n 20904-GITv2.9.4-16-g0741801 is vulnerable to a\n heap-based buffer over-read in the\n xmlDictComputeFastKey function in dict.c. This\n vulnerability causes programs that use libxml2, such as\n PHP, to crash. This vulnerability exists because of an\n incomplete fix for libxml2 Bug\n 759398.(CVE-2017-9049)libxml2\n 20904-GITv2.9.4-16-g0741801 is vulnerable to a\n stack-based buffer overflow. The function\n xmlSnprintfElementContent in valid.c is supposed to\n recursively dump the element content definition into a\n char buffer 'buf' of size 'size'. At the end of the\n routine, the function may strcat two more characters\n without checking whether the current strlen(buf) + 2 <\n size. This vulnerability causes programs that use\n libxml2, such as PHP, to crash.(CVE-2017-9048)The\n htmlParseTryOrFinish function in HTMLparser.c in\n libxml2 2.9.4 allows attackers to cause a denial of\n service (buffer over-read) or information\n disclosure.(CVE-2017-8872)The xz_decomp function in\n xzlib.c in libxml2 2.9.1 does not properly detect\n compression errors, which allows context-dependent\n attackers to cause a denial of service (process hang)\n via crafted XML data.(CVE-2015-8035)The xz_head\n function in xzlib.c in libxml2 before 2.9.6 allows\n remote attackers to cause a denial of service (memory\n consumption) via a crafted LZMA file, because the\n decoder functionality does not restrict memory usage to\n what is required for a legitimate file.(CVE-2017-18258)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2626\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c6b15be1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h17\",\n \"libxml2-devel-2.9.1-6.3.h17\",\n \"libxml2-python-2.9.1-6.3.h17\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-03-24T21:39:18", "description": "According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the '<!DOCTYPE html' substring in a crafted HTML document.(CVE-2015-8806)\n\n - libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states 'I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.'(CVE-2017-5969)\n\n - The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.(CVE-2017-8872)\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.(CVE-2017-9048)\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.(CVE-2017-9049)\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.(CVE-2017-9050)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.8, if\n --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.(CVE-2018-9251)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-2211)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8035", "CVE-2015-8806", "CVE-2016-1839", "CVE-2017-5969", "CVE-2017-8872", "CVE-2017-9048", "CVE-2017-9049", "CVE-2017-9050", "CVE-2018-14567", "CVE-2018-9251"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2211.NASL", "href": "https://www.tenable.com/plugins/nessus/130673", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130673);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-8806\",\n \"CVE-2017-5969\",\n \"CVE-2017-8872\",\n \"CVE-2017-9048\",\n \"CVE-2017-9049\",\n \"CVE-2017-9050\",\n \"CVE-2018-14567\",\n \"CVE-2018-9251\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-2211)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - dict.c in libxml2 allows remote attackers to cause a\n denial of service (heap-based buffer over-read and\n application crash) via an unexpected character\n immediately after the '<!DOCTYPE html' substring in a\n crafted HTML document.(CVE-2015-8806)\n\n - libxml2 2.9.4, when used in recover mode, allows remote\n attackers to cause a denial of service (NULL pointer\n dereference) via a crafted XML document. NOTE: The\n maintainer states 'I would disagree of a CVE with the\n Recover parsing option which should only be used for\n manual recovery at least for XML\n parser.'(CVE-2017-5969)\n\n - The htmlParseTryOrFinish function in HTMLparser.c in\n libxml2 2.9.4 allows attackers to cause a denial of\n service (buffer over-read) or information\n disclosure.(CVE-2017-8872)\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a\n stack-based buffer overflow. The function\n xmlSnprintfElementContent in valid.c is supposed to\n recursively dump the element content definition into a\n char buffer 'buf' of size 'size'. At the end of the\n routine, the function may strcat two more characters\n without checking whether the current strlen(buf) + 2 <\n size. This vulnerability causes programs that use\n libxml2, such as PHP, to crash.(CVE-2017-9048)\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a\n heap-based buffer over-read in the\n xmlDictComputeFastKey function in dict.c. This\n vulnerability causes programs that use libxml2, such as\n PHP, to crash. This vulnerability exists because of an\n incomplete fix for libxml2 Bug 759398.(CVE-2017-9049)\n\n - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a\n heap-based buffer over-read in the xmlDictAddString\n function in dict.c. This vulnerability causes programs\n that use libxml2, such as PHP, to crash. This\n vulnerability exists because of an incomplete fix for\n CVE-2016-1839.(CVE-2017-9050)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.8, if\n --with-lzma is used, allows remote attackers to cause a\n denial of service (infinite loop) via a crafted XML\n file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated\n by xmllint, a different vulnerability than\n CVE-2015-8035.(CVE-2018-9251)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted XML file that triggers\n LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a\n different vulnerability than CVE-2015-8035 and\n CVE-2018-9251.(CVE-2018-14567)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2211\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?20307672\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h20.eulerosv2r7\",\n \"libxml2-devel-2.9.1-6.3.h20.eulerosv2r7\",\n \"libxml2-python-2.9.1-6.3.h20.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-26T16:28:41", "description": "libxml2 is vulnerable to denial of service (DoS). The vulnerability exists in the `htmlParseTryOrFinish` function in `HTMLparser.c` due to buffer-over-read, allowing an attacker to crash the application. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-12-06T04:02:57", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8872"], "modified": "2022-04-19T18:30:15", "id": "VERACODE:28331", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28331/summary", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "redhatcve": [{"lastseen": "2021-09-02T22:52:19", "description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-05-10T09:23:01", "type": "redhatcve", "title": "CVE-2017-8872", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8872"], "modified": "2020-08-18T13:57:59", "id": "RH:CVE-2017-8872", "href": "https://access.redhat.com/security/cve/cve-2017-8872", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T18:52:47", "description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-05-10T05:29:00", "type": "cve", "title": "CVE-2017-8872", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8872"], "modified": "2020-09-10T01:15:00", "cpe": ["cpe:/a:xmlsoft:libxml2:2.9.4"], "id": "CVE-2017-8872", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8872", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-11-14T06:04:40", "description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-05-10T05:29:00", "type": "debiancve", "title": "CVE-2017-8872", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8872"], "modified": "2017-05-10T05:29:00", "id": "DEBIANCVE:CVE-2017-8872", "href": "https://security-tracker.debian.org/tracker/CVE-2017-8872", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nlibxml2 developers report:\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.\nA buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-05-10T00:00:00", "type": "freebsd", "title": "libxml2 -- Multiple Issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1839", "CVE-2017-8872", "CVE-2017-9047", "CVE-2017-9048", "CVE-2017-9049", "CVE-2017-9050"], "modified": "2017-05-10T00:00:00", "id": "76E59F55-4F7A-4887-BCB0-11604004163A", "href": "https://vuxml.freebsd.org/freebsd/76e59f55-4f7a-4887-bcb0-11604004163a.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-14T17:11:02", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: libxml2-2.9.7-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2016-5131", "CVE-2017-8872", "CVE-2017-9047", "CVE-2017-9048", "CVE-2017-9049"], "modified": "2018-02-14T17:11:02", "id": "FEDORA:CCFB3631D0F6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FMHEXSXRPASMXWMMIMMGZ5NAFH22EGNY/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-30T18:12:24", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libxml2-2.9.7-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2016-5131", "CVE-2017-8872", "CVE-2017-9047", "CVE-2017-9048", "CVE-2017-9049"], "modified": "2018-01-30T18:12:24", "id": "FEDORA:790F1618AE54", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PBWYRHEVCVJN2ELXKZBFGCVFBBOGVDL7/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-02-15T00:00:00", "type": "openvas", "title": "Fedora Update for libxml2 FEDORA-2018-a6b59d8f78", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9049", "CVE-2017-8872", "CVE-2017-9048", "CVE-2016-5131", "CVE-2017-9047", "CVE-2016-4658", "CVE-2017-9050"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874119", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_a6b59d8f78_libxml2_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libxml2 FEDORA-2018-a6b59d8f78\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874119\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-15 08:49:42 +0100 (Thu, 15 Feb 2018)\");\n script_cve_id(\"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\",\n \"CVE-2017-8872\", \"CVE-2016-4658\", \"CVE-2016-5131\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libxml2 FEDORA-2018-a6b59d8f78\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libxml2 on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-a6b59d8f78\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMHEXSXRPASMXWMMIMMGZ5NAFH22EGNY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.7~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-31T00:00:00", "type": "openvas", "title": "Fedora Update for libxml2 FEDORA-2018-db610fff5b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9049", "CVE-2017-8872", "CVE-2017-9048", "CVE-2016-5131", "CVE-2017-9047", "CVE-2016-4658", "CVE-2017-9050"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874073", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_db610fff5b_libxml2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libxml2 FEDORA-2018-db610fff5b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874073\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-31 07:58:38 +0100 (Wed, 31 Jan 2018)\");\n script_cve_id(\"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\",\n \"CVE-2017-8872\", \"CVE-2016-4658\", \"CVE-2016-5131\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libxml2 FEDORA-2018-db610fff5b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libxml2 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-db610fff5b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBWYRHEVCVJN2ELXKZBFGCVFBBOGVDL7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.7~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:40:37", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2491)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14567", "CVE-2017-5969", "CVE-2017-8872", "CVE-2018-9251", "CVE-2017-9048", "CVE-2017-0663", "CVE-2017-18258", "CVE-2015-8035"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192491", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192491", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2491\");\n script_version(\"2020-01-23T13:01:26+0000\");\n script_cve_id(\"CVE-2015-8035\", \"CVE-2017-0663\", \"CVE-2017-18258\", \"CVE-2017-5969\", \"CVE-2017-8872\", \"CVE-2017-9048\", \"CVE-2018-14567\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:01:26 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:01:26 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2491)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2491\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2491\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2019-2491 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.(CVE-2017-0663)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)\n\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.(CVE-2017-8872)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 size. This vulnerability causes programs that use libxml2, such as PHP, to crash.(CVE-2017-9048)\n\nThe xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.(CVE-2015-8035)\n\nThe xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.(CVE-2017-18258)\n\n** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states 'I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.'(CVE-2017-5969)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h18\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h18\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h18\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-23T14:57:09", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-03-19T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1268)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14567", "CVE-2017-9049", "CVE-2017-8872", "CVE-2018-9251", "CVE-2017-9048", "CVE-2016-1839", "CVE-2015-8035", "CVE-2017-9050"], "modified": "2020-03-19T00:00:00", "id": "OPENVAS:1361412562311220201268", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201268", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1268\");\n script_version(\"2020-03-19T13:43:01+0000\");\n script_cve_id(\"CVE-2017-8872\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\", \"CVE-2018-14567\", \"CVE-2018-9251\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-19 13:43:01 +0000 (Thu, 19 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-19 13:43:01 +0000 (Thu, 19 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1268)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1268\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1268\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2020-1268 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.(CVE-2017-9050)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.(CVE-2017-9049)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 size. This vulnerability causes programs that use libxml2, such as PHP, to crash.(CVE-2017-9048)\n\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.(CVE-2017-8872)\n\nThe xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.(CVE-2018-9251)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h17\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h17\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h17\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-27T18:37:38", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2626)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14404", "CVE-2018-14567", "CVE-2017-5969", "CVE-2017-9049", "CVE-2017-8872", "CVE-2018-9251", "CVE-2017-9048", "CVE-2017-18258", "CVE-2015-8035"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192626", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192626", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2626\");\n script_version(\"2020-01-23T13:10:04+0000\");\n script_cve_id(\"CVE-2015-8035\", \"CVE-2017-18258\", \"CVE-2017-5969\", \"CVE-2017-8872\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2018-14404\", \"CVE-2018-14567\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:10:04 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:10:04 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2626)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2626\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2626\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2019-2626 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states 'I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.'(CVE-2017-5969)\n\nA NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.(CVE-2018-14404)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.(CVE-2017-9049)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 size. This vulnerability causes programs that use libxml2, such as PHP, to crash.(CVE-2017-9048)\n\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.(CVE-2017-8872)\n\nThe xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.(CVE-2015-8035)\n\nThe xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.(CVE-2017-18258)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2211)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14567", "CVE-2017-5969", "CVE-2017-9049", "CVE-2017-8872", "CVE-2018-9251", "CVE-2017-9048", "CVE-2016-1839", "CVE-2015-8806", "CVE-2015-8035", "CVE-2017-9050"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192211", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192211", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2211\");\n script_version(\"2020-01-23T12:39:57+0000\");\n script_cve_id(\"CVE-2015-8806\", \"CVE-2017-5969\", \"CVE-2017-8872\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\", \"CVE-2018-14567\", \"CVE-2018-9251\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:39:57 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:39:57 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2211)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2211\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2211\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2019-2211 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the '!DOCTYPE html' substring in a crafted HTML document.(CVE-2015-8806)\n\nlibxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states 'I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.'(CVE-2017-5969)\n\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.(CVE-2017-8872)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 size. This vulnerability causes programs that use libxml2, such as PHP, to crash.(CVE-2017-9048)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.(CVE-2017-9049)\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.(CVE-2017-9050)\n\nThe xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.(CVE-2018-9251)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h20.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h20.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h20.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:33", "description": "This host is running Nessus and is prone to\n multiple vulnerabilities.", "cvss3": {}, "published": "2018-06-15T00:00:00", "type": "openvas", "title": "Tenable Nessus Multiple Vulnerabilities(tns-2018-08)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8388", "CVE-2017-16931", "CVE-2017-9233", "CVE-2016-9840", "CVE-2017-7375", "CVE-2017-7244", "CVE-2017-11742", "CVE-2015-8391", "CVE-2018-11214", "CVE-2016-9063", "CVE-2016-5300", "CVE-2015-8395", "CVE-2015-8382", "CVE-2017-5969", "CVE-2016-9318", "CVE-2015-8386", "CVE-2015-2327", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-8872", "CVE-2012-0876", "CVE-2012-6702", "CVE-2016-0718", "CVE-2015-8392", "CVE-2015-8389", "CVE-2018-9251", "CVE-2015-8380", "CVE-2017-9048", "CVE-2014-8964", "CVE-2016-1283", "CVE-2017-5029", "CVE-2015-8394", "CVE-2012-6139", "CVE-2016-5131", "CVE-2015-3217", "CVE-2016-3191", "CVE-2015-8384", "CVE-2016-9843", "CVE-2017-7246", "CVE-2017-7245", "CVE-2017-1000061", "CVE-2017-9047", "CVE-2016-1683", "CVE-2015-8383", "CVE-2016-1684", "CVE-2015-8381", "CVE-2017-7186", "CVE-2015-5073", "CVE-2017-18258", "CVE-2015-8385", "CVE-2016-9841", "CVE-2017-16932", "CVE-2015-9019", "CVE-2015-7995", "CVE-2015-2328", "CVE-2016-4472", "CVE-2014-9769", "CVE-2015-8387", "CVE-2015-8390", "CVE-2017-6004", "CVE-2017-9050"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310813437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813437", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Tenable Nessus Multiple Vulnerabilities(tns-2018-08)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:tenable:nessus\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813437\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2017-11742\", \"CVE-2017-9233\", \"CVE-2016-9063\", \"CVE-2016-0718\",\n \"CVE-2016-5300\", \"CVE-2012-0876\", \"CVE-2016-4472\", \"CVE-2012-6702\",\n \"CVE-2018-11214\", \"CVE-2017-18258\", \"CVE-2017-16932\", \"CVE-2017-16931\",\n \"CVE-2017-9050\", \"CVE-2017-9049\", \"CVE-2017-9048\", \"CVE-2017-9047\",\n \"CVE-2017-8872\", \"CVE-2017-7375\", \"CVE-2017-5969\", \"CVE-2016-9318\",\n \"CVE-2016-5131\", \"CVE-2018-9251\", \"CVE-2017-1000061\", \"CVE-2012-6139\",\n \"CVE-2015-7995\", \"CVE-2015-9019\", \"CVE-2016-1683\", \"CVE-2016-1684\",\n \"CVE-2017-5029\", \"CVE-2016-9840\", \"CVE-2016-9841\", \"CVE-2016-9842\",\n \"CVE-2016-9843\", \"CVE-2014-8964\", \"CVE-2014-9769\", \"CVE-2015-2327\",\n \"CVE-2015-2328\", \"CVE-2015-3217\", \"CVE-2015-5073\", \"CVE-2015-8380\",\n \"CVE-2015-8381\", \"CVE-2015-8382\", \"CVE-2015-8383\", \"CVE-2015-8384\",\n \"CVE-2015-8385\", \"CVE-2015-8386\", \"CVE-2015-8387\", \"CVE-2015-8388\",\n \"CVE-2015-8389\", \"CVE-2015-8390\", \"CVE-2015-8391\", \"CVE-2015-8392\",\n \"CVE-2015-8394\", \"CVE-2015-8395\", \"CVE-2016-1283\", \"CVE-2016-3191\",\n \"CVE-2017-6004\", \"CVE-2017-7186\", \"CVE-2017-7244\", \"CVE-2017-7245\",\n \"CVE-2017-7246\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-15 11:03:08 +0530 (Fri, 15 Jun 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Tenable Nessus Multiple Vulnerabilities(tns-2018-08)\");\n\n script_tag(name:\"summary\", value:\"This host is running Nessus and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists as some of the third-party\n components used within Nessus to provide underlying functionality were found to\n contain various vulnerabilities. The components with vulnerabilities include\n expat, libjpeg, libXML2, libXMLSEC, libXSLT, Zlib and libPCRE\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers potentially to gain privileges, execute arbitrary code, bypass\n security restrictions, conduct denial-of-service, gain access to potentially\n sensitive information, conduct XML External Entity (XXE) attacks and unspecified\n other impacts.\");\n\n script_tag(name:\"affected\", value:\"Nessus versions prior to version 7.1.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to nessus version 7.1.1 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://www.tenable.com\");\n script_xref(name:\"URL\", value:\"https://www.tenable.com/security/tns-2018-08\");\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_nessus_web_server_detect.nasl\");\n script_mandatory_keys(\"nessus/installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!nesPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:nesPort, exit_no_version:TRUE)) exit(0);\nnesVer = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:nesVer, test_version:\"7.1.1\"))\n{\n report = report_fixed_ver(installed_version:nesVer, fixed_version:\"7.1.1\", install_path:path);\n security_message(data:report, port:nesPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}], "debian": [{"lastseen": "2021-10-22T11:01:23", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2369-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nSeptember 09, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nVersion : 2.9.4+dfsg1-2.2+deb9u3\nCVE ID : CVE-2017-8872 CVE-2017-18258 CVE-2018-14404\n CVE-2018-14567 CVE-2019-19956 CVE-2019-20388\n CVE-2020-7595 CVE-2020-24977\nDebian Bug : 895245 862450 949583 969529 949582\n\nSeveral security vulnerabilities were corrected in libxml2, the GNOME\nXML library.\n\nCVE-2017-8872\n\n Global buffer-overflow in the htmlParseTryOrFinish function.\n\nCVE-2017-18258\n\n The xz_head function in libxml2 allows remote attackers to cause a\n denial of service (memory consumption) via a crafted LZMA file,\n because the decoder functionality does not restrict memory usage to\n what is required for a legitimate file.\n\nCVE-2018-14404\n\n A NULL pointer dereference vulnerability exists in the\n xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an\n invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs may be\n vulnerable to a denial of service attack.\n\nCVE-2018-14567\n\n If the option --with-lzma is used, allows remote attackers to cause\n a denial of service (infinite loop) via a crafted XML file.\n\nCVE-2019-19956\n\n The xmlParseBalancedChunkMemoryRecover function has a memory leak\n related to newDoc->oldNs.\n\nCVE-2019-20388\n\n A memory leak was found in the xmlSchemaValidateStream function of\n libxml2. Applications that use this library may be vulnerable to\n memory not being freed leading to a denial of service.\n\nCVE-2020-7595\n\n Infinite loop in xmlStringLenDecodeEntities can cause a denial of\n service.\n\nCVE-2020-24977\n\n Out-of-bounds read restricted to xmllint --htmlout.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.9.4+dfsg1-2.2+deb9u3.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFor the detailed security status of libxml2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libxml2\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2020-09-09T22:41:50", "type": "debian", "title": "[SECURITY] [DLA 2369-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18258", "CVE-2017-8872", "CVE-2018-14404", "CVE-2018-14567", "CVE-2019-19956", "CVE-2019-20388", "CVE-2020-24977", "CVE-2020-7595"], "modified": "2020-09-09T22:41:50", "id": "DEBIAN:DLA-2369-1:46D38", "href": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-01-23T03:57:52", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2369-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nSeptember 09, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nVersion : 2.9.4+dfsg1-2.2+deb9u3\nCVE ID : CVE-2017-8872 CVE-2017-18258 CVE-2018-14404\n CVE-2018-14567 CVE-2019-19956 CVE-2019-20388\n CVE-2020-7595 CVE-2020-24977\nDebian Bug : 895245 862450 949583 969529 949582\n\nSeveral security vulnerabilities were corrected in libxml2, the GNOME\nXML library.\n\nCVE-2017-8872\n\n Global buffer-overflow in the htmlParseTryOrFinish function.\n\nCVE-2017-18258\n\n The xz_head function in libxml2 allows remote attackers to cause a\n denial of service (memory consumption) via a crafted LZMA file,\n because the decoder functionality does not restrict memory usage to\n what is required for a legitimate file.\n\nCVE-2018-14404\n\n A NULL pointer dereference vulnerability exists in the\n xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an\n invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs may be\n vulnerable to a denial of service attack.\n\nCVE-2018-14567\n\n If the option --with-lzma is used, allows remote attackers to cause\n a denial of service (infinite loop) via a crafted XML file.\n\nCVE-2019-19956\n\n The xmlParseBalancedChunkMemoryRecover function has a memory leak\n related to newDoc->oldNs.\n\nCVE-2019-20388\n\n A memory leak was found in the xmlSchemaValidateStream function of\n libxml2. Applications that use this library may be vulnerable to\n memory not being freed leading to a denial of service.\n\nCVE-2020-7595\n\n Infinite loop in xmlStringLenDecodeEntities can cause a denial of\n service.\n\nCVE-2020-24977\n\n Out-of-bounds read restricted to xmllint --htmlout.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.9.4+dfsg1-2.2+deb9u3.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFor the detailed security status of libxml2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libxml2\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2020-09-09T22:41:50", "type": "debian", "title": "[SECURITY] [DLA 2369-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18258", "CVE-2017-8872", "CVE-2018-14404", "CVE-2018-14567", "CVE-2019-19956", "CVE-2019-20388", "CVE-2020-24977", "CVE-2020-7595"], "modified": "2020-09-09T22:41:50", "id": "DEBIAN:DLA-2369-1:E14AE", "href": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "ubuntu": [{"lastseen": "2022-10-06T11:29:07", "description": "Yunho Kim discovered that libxml2 incorrectly handled certain error \nconditions. A remote attacker could exploit this with a crafted XML file to \ncause a denial of service, or possibly cause libxml2 to expose sensitive \ninformation. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 \nESM. (CVE-2017-8872)\n\nZhipeng Xie discovered that libxml2 incorrectly handled certain XML \nschemas. A remote attacker could possibly use this issue to cause a denial \nof service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, \nand Ubuntu 18.04 LTS. (CVE-2019-20388)\n\nIt was discovered that libxml2 incorrectly handled invalid UTF-8 input. A \nremote attacker could possibly exploit this with a crafted XML file to \ncause libxml2 to crash, resulting in a denial of service. This issue only \naffected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 \nLTS and Ubuntu 20.10. (CVE-2020-24977)\n\nIt was discovered that libxml2 incorrectly handled invalid UTF-8 input. A \nremote attacker could possibly exploit this with a crafted XML file to \ncause libxml2 to crash, resulting in a denial of service. (CVE-2021-3517)\n\nIt was discovered that libxml2 did not properly handle certain crafted XML \nfiles. A local attacker could exploit this with a crafted input to cause \nlibxml2 to crash, resulting in a denial of service, or possibly execute \narbitrary code. (CVE-2021-3516, CVE-2021-3518)\n\nIt was discovered that libxml2 incorrectly handled error states. A remote \nattacker could exploit this with a crafted XML file to cause libxml2 to \ncrash, resulting in a denial of service. (CVE-2021-3537)\n\nSebastian Pipping discovered that libxml2 did not properly handle certain \ncrafted XML files. A remote attacker could exploit this with a crafted XML \nfile to cause libxml2 to crash, resulting in a denial of service. This \nissue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. \n(CVE-2021-3541)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-06-17T00:00:00", "type": "ubuntu", "title": "libxml2 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8872", "CVE-2019-20388", "CVE-2020-24977", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3537", "CVE-2021-3541"], "modified": "2021-06-17T00:00:00", "id": "USN-4991-1", "href": "https://ubuntu.com/security/notices/USN-4991-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-05T05:18:56", "description": "\nSeveral security vulnerabilities were corrected in libxml2, the GNOME\nXML library.\n\n\n* [CVE-2017-8872](https://security-tracker.debian.org/tracker/CVE-2017-8872)\nGlobal buffer-overflow in the htmlParseTryOrFinish function.\n* [CVE-2017-18258](https://security-tracker.debian.org/tracker/CVE-2017-18258)\nThe xz\\_head function in libxml2 allows remote attackers to cause a\n denial of service (memory consumption) via a crafted LZMA file,\n because the decoder functionality does not restrict memory usage to\n what is required for a legitimate file.\n* [CVE-2018-14404](https://security-tracker.debian.org/tracker/CVE-2018-14404)\nA NULL pointer dereference vulnerability exists in the\n xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an\n invalid XPath expression in the XPATH\\_OP\\_AND or XPATH\\_OP\\_OR case.\n Applications processing untrusted XSL format inputs may be\n vulnerable to a denial of service attack.\n* [CVE-2018-14567](https://security-tracker.debian.org/tracker/CVE-2018-14567)\nIf the option --with-lzma is used, allows remote attackers to cause\n a denial of service (infinite loop) via a crafted XML file.\n* [CVE-2019-19956](https://security-tracker.debian.org/tracker/CVE-2019-19956)\nThe xmlParseBalancedChunkMemoryRecover function has a memory leak\n related to newDoc->oldNs.\n* [CVE-2019-20388](https://security-tracker.debian.org/tracker/CVE-2019-20388)\nA memory leak was found in the xmlSchemaValidateStream function of\n libxml2. Applications that use this library may be vulnerable to\n memory not being freed leading to a denial of service.\n* [CVE-2020-7595](https://security-tracker.debian.org/tracker/CVE-2020-7595)\nInfinite loop in xmlStringLenDecodeEntities can cause a denial of\n service.\n* [CVE-2020-24977](https://security-tracker.debian.org/tracker/CVE-2020-24977)\nOut-of-bounds read restricted to xmllint --htmlout.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.9.4+dfsg1-2.2+deb9u3.\n\n\nWe recommend that you upgrade your libxml2 packages.\n\n\nFor the detailed security status of libxml2 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/libxml2>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-09-10T00:00:00", "type": "osv", "title": "libxml2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14404", "CVE-2019-20388", "CVE-2018-14567", "CVE-2017-8872", "CVE-2020-7595", "CVE-2019-19956", "CVE-2017-18258", "CVE-2020-24977"], "modified": "2022-08-05T05:18:53", "id": "OSV:DLA-2369-1", "href": "https://osv.dev/vulnerability/DLA-2369-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "photon": [{"lastseen": "2021-11-03T11:53:43", "description": "An update of [ruby,cassandra,linux,libxml2] packages for PhotonOS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-16T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2017-0029", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000112", "CVE-2017-10911", "CVE-2017-3161", "CVE-2017-3162", "CVE-2017-7533", "CVE-2017-7542", "CVE-2017-8872", "CVE-2017-9228"], "modified": "2017-08-16T00:00:00", "id": "PHSA-2017-0029", "href": "https://github.com/vmware/photon/wiki/Security-Updates-62", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2021-08-11T17:37:22", "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nYunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2017-8872)\n\nZhipeng Xie discovered that libxml2 incorrectly handled certain XML schemas. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-20388)\n\nIt was discovered that libxml2 incorrectly handled invalid UTF-8 input. A remote attacker could possibly exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-24977)\n\nIt was discovered that libxml2 incorrectly handled invalid UTF-8 input. A remote attacker could possibly exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. (CVE-2021-3517)\n\nIt was discovered that libxml2 did not properly handle certain crafted XML files. A local attacker could exploit this with a crafted input to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3516, CVE-2021-3518)\n\nIt was discovered that libxml2 incorrectly handled error states. A remote attacker could exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. (CVE-2021-3537)\n\nSebastian Pipping discovered that libxml2 did not properly handle certain crafted XML files. A remote attacker could exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3541)\n\nCVEs contained in this USN include: CVE-2017-8872, CVE-2021-3516, CVE-2020-24977, CVE-2021-3541, CVE-2021-3537, CVE-2021-3517, CVE-2021-3518, CVE-2019-20388.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.13\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.245.0\n * CF Deployment \n * All versions prior to 16.16.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.13 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.245.0 or greater\n * CF Deployment \n * Upgrade all versions to 16.16.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4991-1/>)\n * [CVE-2017-8872](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872>)\n * [CVE-2021-3516](<https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3516>)\n * [CVE-2020-24977](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24977>)\n * [CVE-2021-3541](<https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3541>)\n * [CVE-2021-3537](<https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3537>)\n * [CVE-2021-3517](<https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3517>)\n * [CVE-2021-3518](<https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3518>)\n * [CVE-2019-20388](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20388>)\n\n## History\n\n2021-07-08: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2021-07-08T00:00:00", "type": "cloudfoundry", "title": "USN-4991-1: libxml2 vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8872", "CVE-2019-20388", "CVE-2020-24977", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3537", "CVE-2021-3541"], "modified": "2021-07-08T00:00:00", "id": "CFOUNDRY:A2488D03CBE987233F934844F44A3BB5", "href": "https://www.cloudfoundry.org/blog/usn-4991-1/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudlinux": [{"lastseen": "2022-04-29T18:51:38", "description": "- CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities\n- CVE-2021-3518.patch: fix user-after-free with 'xmllint --xinclude --dropdtd'\n- CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv\n- CVE-2021-3541.patch: parser fix for the billion laughs attack\n- CVE-2021-3516.patch: fix use-after-free with 'xmllint --html --push'\n- CVE-2017-8872.patch: free input buffer in xmlHaltParser\n- CVE-2019-20388.patch: fix memory leak in xmlSchemaValidateStream\n- CVE-2020-24977.patch: fix out-of-bounds read with 'xmllint --htmlout'", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-01-11T12:18:56", "type": "cloudlinux", "title": "Fix of 8 CVEs", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8872", "CVE-2019-20388", "CVE-2020-24977", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3537", "CVE-2021-3541"], "modified": "2022-01-11T12:18:56", "id": "CLSA-2022:1641903536", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-28T14:39:15", "description": "- CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities\n- CVE-2021-3518.patch: fix user-after-free with 'xmllint --xinclude --dropdtd'\n- CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv\n- CVE-2021-3541.patch: parser fix for the billion laughs attack\n- CVE-2021-3516.patch: fix use-after-free with 'xmllint --html --push'\n- CVE-2017-8872.patch: free input buffer in xmlHaltParser\n- CVE-2019-20388.patch: fix memory leak in xmlSchemaValidateStream\n- CVE-2020-24977.patch: fix out-of-bounds read with 'xmllint --htmlout'", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2021-12-28T13:15:15", "type": "cloudlinux", "title": "Fix of CVE: CVE-2021-3516, CVE-2021-3537, CVE-2017-8872, CVE-2021-3518, CVE-2019-20388, CVE-2020-24977, CVE-2021-3541, CVE-2021-3517", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8872", "CVE-2019-20388", "CVE-2020-24977", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3537", "CVE-2021-3541"], "modified": "2021-12-28T13:15:15", "id": "CLSA-2021:1640697315", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-06-28T22:05:39", "description": "## Summary\n\nThis bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.10.0. \n \nIBM Cognos Analytics uses the libxml2 library . Mulitple libxml2 vulnerabilities have been addressed. \n \nA vulnerablity was addressed whereby detailed technical error messages can allow an adversary to gain information about the application and database that could be used to conduct further attacks. \n \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-4658_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658>)** \nDESCRIPTION:** The libxml2 library, as used in multiple products, could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. An attacker could exploit this vulnerability using a specially crafted XML document to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117175_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117175>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n** \nCVEID:** [_CVE-2017-9050_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050>)** \nDESCRIPTION:** libxml2 is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the xmlDictAddString function in dict.c. By sending a specially-crafted request, a local attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/126277_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126277>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2017-9049_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049>)** \nDESCRIPTION:** libxml2 is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the xmlDictComputeFastKey function in dict.c. By sending a specially-crafted request, a local attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/126276_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126276>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2017-9048_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking of the strlen(buf) size in the xmlSnprintfElementContent function in valid.c. By sending a specially-crafted request, a local attacker could overflow a buffer and cause the application to crash. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/126275_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126275>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2017-9047_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047>)** \nDESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the xmlSnprintfElementContent function in valid.c. By sending a specially-crafted request, a local attacker could overflow a buffer and cause application to crash. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/126274_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126274>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2017-8872_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872>)** \nDESCRIPTION:** libxml2 is vulnerable to a buffer overflow, caused by a a buffer-over-read flaw in the htmlParseTryOrFinish function in HTMLparser.c. By sending a specially-crafted request, a local attacker could overflow a buffer and cause a denial of service condition or obtain sensitive information on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n \n**CVEID:** [_CVE-2017-7376_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by the incorrect limit used when calculating the port value in xmlParse3986Port function. An attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/128276_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128276>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n**CVEID:** [_CVE-2017-7375_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375>)** \nDESCRIPTION:** libxml2 could allow a remote attacker to obtain sensitive information, caused by missing validation for external entities in xmlParsePEReference. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/128275_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128275>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L)\n\n**CVEID:** [_CVE-2017-5969_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969>)** \nDESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a NULL pointer dereference in the xmlSaveDoc functionality when used in recover mode. By persuading a victim to open a specially crafted XML document, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/128274_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128274>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n \n \n**CVEID:** [_CVE-2017-16932_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932>)** \nDESCRIPTION:** Xmlsoft libxml2 is vulnerable to a denial of service, caused by an infinite recursion issue in parameter entities. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust available memory on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/135489_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135489>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n**CVEID:** [_CVE-2017-16931_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931>)** \nDESCRIPTION:** Xmlsoft libxml2 is vulnerable to a buffer overflow, caused by improper handling of parameter-entity references in xmlParserHandlePEReference function. By using a percent character in a DTD name, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/135488_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135488>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n \n**CVEID:** [_CVE-2016-9711_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9711>)** \nDESCRIPTION:** IBM Predictive Solutions Foundation (formerly PMQ) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119619_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119619>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Cognos Analytics Versions 11.0.0.0 to 11.0.9.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply IBM Cognos Analytics 11.0.10.0 as soon as practical. \n \n[Downloading IBM Cognos Analytics 11.0.10.0](<http://www-01.ibm.com/support/docview.wss?uid=swg24044517>) \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n16 March 2018: Original version published \n \n\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSTSF6\",\"label\":\"IBM Cognos Analytics\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"11.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T23:51:36", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in libxml2 affects IBM Cognos Analytics", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2016-9711", "CVE-2017-16931", "CVE-2017-16932", "CVE-2017-5969", "CVE-2017-7375", "CVE-2017-7376", "CVE-2017-8872", "CVE-2017-9047", "CVE-2017-9048", "CVE-2017-9049", "CVE-2017-9050"], "modified": "2018-06-15T23:51:36", "id": "1695654077F888DBA5D74372BE319A101D1D52DECCCA129B96319385DBC072A0", "href": "https://www.ibm.com/support/pages/node/567705", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:41:05", "description": "## Summary\n\nCloud Pak for Security v1.9.0.0 and earlier may be vulnerable to multiple CVEs through the use of dependency packages. These have been updated in the latest release and vulnerabilities have neen addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security (CP4S). \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-25329](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329>) \n** DESCRIPTION: **Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw with a configuration edge case. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197519](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197519>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-12418](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to gain elevated privileges on the system, caused by a flaw when configured with the JMX Remote Lifecycle Listener. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to capture user names and passwords used to access the JMX interface and gain elevated privileges. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173626](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173626>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-12617](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12617>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to an error when running on Windows with HTTP PUTs enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132484](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132484>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14343](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14343>) \n** DESCRIPTION: **YAML PyYAML could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when processing untrusted YAML files through the full_load method or with the FullLoader loader. By persuading a victim to open a specially-crafted YAML file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197449](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197449>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3272](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3272>) \n** DESCRIPTION: **JasPer is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the jp2_decode in jp2/jp2_dec.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-7733](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7733>) \n** DESCRIPTION: **ua-parser-js is vulnerable to a denial of service. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188397](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188397>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28493](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493>) \n** DESCRIPTION: **Pallets jinja2 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the email regex. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195894](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195894>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28500](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500>) \n** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) in the toNumber, trim and trimEnd functions. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196972](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196972>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36048](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36048>) \n** DESCRIPTION: **Socket.IO Engine.IO is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted HTTP POST request to the long polling transport, a remote attacker could exploit this vulnerability to cause a resource consumption, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194532](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194532>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-7793](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7793>) \n** DESCRIPTION: **ua-parser-js is vulnerable to a denial of service, caused by regular expression denial of service (ReDoS) in multiple regexes. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192997](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192997>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8203](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203>) \n** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the server and possibly execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23341](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23341>) \n** DESCRIPTION: **prism is vulnerable to a denial of service. By using the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components, a remote attacker could exploit this vulnerability to cause a regular expression denial of service (ReDoS). \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197047>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29060](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29060>) \n** DESCRIPTION: **Color-String is vulnerable to a denial of service, caused by an error when the application is provided and checks a crafted invalid HWB string. By sending a specially crafted string, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204156](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204156>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-32723](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32723>) \n** DESCRIPTION: **Node.js prismjs module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw when highlighting untrusted (user-given) text. By sending specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204479](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204479>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33623](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33623>) \n** DESCRIPTION: **Node.js trim-newlines module is vulnerable to a denial of service, caused by a regular expression denial-of-service (ReDoS) flaw in the .end() method. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202758](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202758>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3749](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3749>) \n** DESCRIPTION: **axios is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the trim function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause an application to consume an excessive amount of CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208438](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208438>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3801](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3801>) \n** DESCRIPTION: **Prismjs prism is vulnerable to a denial of service, caused by the inefficient regular expression complexity. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209459>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3803>) \n** DESCRIPTION: **nth-check is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-42340](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-1305](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets in certain cases. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139475](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139475>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-1304](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1304>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraint definitions that contain a URL pattern of \"\" (the empty string) that exactly maps to the context root. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139476](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139476>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-30640](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the JNDI Realm. By sending a specially-crafted request using various user names, an attacker could exploit this vulnerability to bypass some of the protection provided by the LockOut Realm. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205213](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205213>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-41079](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41079>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by improper input validation of TLS packets. By sending a specially-crafted TLS packet, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209450>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-37699](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37699>) \n** DESCRIPTION: **Node.js next module could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207375](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207375>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-11784](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the default servlet. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150860>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-15256](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15256>) \n** DESCRIPTION: **Node.js object-path module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the set method to the includeInheritedProps mode. By creating a new instance of object-path and setting the option includeInheritedProps: true, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190219](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190219>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-23337](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337>) \n** DESCRIPTION: **Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the template. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196797](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196797>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39178](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39178>) \n** DESCRIPTION: **Vercel Next.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Image Optimization API. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208466](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208466>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-16487](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16487>) \n** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156530>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2019-10744](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744>) \n** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request using a constructor payload, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167415](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167415>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2019-10746](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10746>) \n** DESCRIPTION: **Node.js mixin-deep module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request using a constructor payload, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167420](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167420>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-1765](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1765>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to bypass security restrictions, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to violate iframe sandboxing policy. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195917>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-1935](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176788](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176788>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-15138](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15138>) \n** DESCRIPTION: **Prism is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Previewers plugin. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186416](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186416>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-25658](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658>) \n** DESCRIPTION: **Python-RSA could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the RSA decryption API, an attacker could exploit this vulnerability to obtain parts of the cipher text encrypted with RSA, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-25659](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25659>) \n** DESCRIPTION: **python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the RSA decryption API, an attacker could exploit this vulnerability to obtain parts of the cipher text encrypted with RSA, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192485](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192485>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2017-8872](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872>) \n** DESCRIPTION: **libxml2 is vulnerable to a buffer overflow, caused by a a buffer-over-read flaw in the htmlParseTryOrFinish function in HTMLparser.c. By sending a specially-crafted request, a local attacker could overflow a buffer and cause a denial of service condition or obtain sensitive information on the system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/125890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-17563](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to hijack a user's session. By using the FORM authentication function, an attacker could exploit this vulnerability to gain access to another user's session. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173558](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173558>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-23434](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23434>) \n** DESCRIPTION: **Node.js object-path module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw when the path components used in the path parameter are arrays. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-26237](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26237>) \n** DESCRIPTION: **Highlight.js is vulnerable to a denial of service, caused by a prototype pollution. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-16276](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16276>) \n** DESCRIPTION: **Golang could allow a remote attacker to bypass security restrictions, caused by improper validation of HTTP header. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass filter or conduct HTTP request smuggling. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167963](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167963>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-8014](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014>) \n** DESCRIPTION: **Apache Tomcat could provide weaker than expected security, caused by insecure default settings for the CORS filter. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143411](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143411>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-25122](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when responding to new h2c connection requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to see the request body information from one request to another, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197517](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197517>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-8037](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8037>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of NIO/NIO2 connectors closures. An attacker could exploit this vulnerability to reuse user sessions in a new connection. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/147212](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147212>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-11996](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted sequence of HTTP/2 requests, a remote attacker could exploit this vulnerability to trigger high CPU usage for several seconds. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184012](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184012>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-1572](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572>) \n** DESCRIPTION: **e2fsprogs is vulnerable to a heap-based buffer overflow, caused by an incomplete fix related to improper bounds checking by the libext2fs library. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/101199](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101199>) for the current score. \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2021-27292](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27292>) \n** DESCRIPTION: **UAParser.js is vulnerable to a denial of service. By sending a specially crafted User-Agent header, a remote attacker could exploit this vulnerability to cause the application to process the file for an extended time. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-32822](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32822>) \n** DESCRIPTION: **Node.js hbs module could allow a remote attacker to obtain sensitive information, caused by an issue when the template engine configuration options are passed through Express render API. By overwriting internal configuration options, an attacker could exploit this vulnerability to obtain file information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207809>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-39227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39227>) \n** DESCRIPTION: **Baidu EFE team ZRender could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the merge and clone helper methods in the src/core/util.ts. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of servuce condition on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209652](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209652>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-1938](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by a file read/inclusion vulnerability in the AJP connector. By sending a specially-crafted request, an attacker could exploit this vulnerability to read web application files from a vulnerable server and upload malicious JavaServer Pages (JSP) code within a variety of file types and execute arbitrary code on the system. Note: This vulnerability is known as Ghostcat. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176562](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176562>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3805>) \n** DESCRIPTION: **Node.js object-path module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the del() function. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of servuce condition on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209595>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Pak for Security (CP4S)| 1.9.1.0 \nCloud Pak for Security (CP4S)| 1.8.1.0 \nCloud Pak for Security (CP4S)| 1.8.0.0 \n \n\n\n## Remediation/Fixes\n\nPlease upgrade following instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.9?topic=installing-upgrading-cloud-pak-security-from-18>\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n01 Mar 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSTDPP\",\"label\":\"IBM Cloud Pak for Security\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF040\",\"label\":\"RedHat OpenShift\"}],\"Version\":\"1.8.0.0, 1.8.1.0, 1.9.0.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T16:38:26", "type": "ibm", "title": "Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1572", "CVE-2017-12617", "CVE-2017-8872", "CVE-2018-11784", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-16487", "CVE-2018-8014", "CVE-2018-8037", "CVE-2019-10744", "CVE-2019-10746", "CVE-2019-12418", "CVE-2019-16276", "CVE-2019-17563", "CVE-2020-11996", "CVE-2020-14343", "CVE-2020-15138", "CVE-2020-15256", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-25658", "CVE-2020-25659", "CVE-2020-26237", "CVE-2020-28493", "CVE-2020-28500", "CVE-2020-36048", "CVE-2020-7733", "CVE-2020-7793", "CVE-2020-8203", "CVE-2021-1765", "CVE-2021-23337", "CVE-2021-23341", "CVE-2021-23434", "CVE-2021-25122", "CVE-2021-25329", "CVE-2021-27292", "CVE-2021-29060", "CVE-2021-30640", "CVE-2021-3272", "CVE-2021-32723", "CVE-2021-32822", "CVE-2021-33623", "CVE-2021-3749", "CVE-2021-37699", "CVE-2021-3801", "CVE-2021-3803", "CVE-2021-3805", "CVE-2021-39178", "CVE-2021-39227", "CVE-2021-41079", "CVE-2021-42340"], "modified": "2022-04-01T16:38:26", "id": "C596338966F1610A28DC01FBB21502CC71651B70DBC8B96D9603EBE432E4D5E6", "href": "https://www.ibm.com/support/pages/node/6568787", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-09-14T22:30:08", "description": "The Docker images provided with SUSE CaaS Platform 1.0 have been updated\n to include the following updates:\n\n libzypp:\n\n - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows,\n mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984)\n - Fix gpg-pubkey release (creation time) computation. (bsc#1036659)\n - Update lsof blacklist. (bsc#1046417)\n - Re-probe on refresh if the repository type changes. (bsc#1048315)\n - Propagate proper error code to DownloadProgressReport. (bsc#1047785)\n - Allow to trigger an appdata refresh unconditionally. (bsc#1009745)\n - Support custom repo variables defined in /etc/zypp/vars.d.\n - Adapt loop mounting of ISO images. (bsc#1038132, bsc#1033236)\n - Fix potential crash if repository has no baseurl. (bsc#1043218)\n\n zypper:\n\n - CVE-2017-7436: Adapt download callback to report and handle unsigned\n packages. (bsc#1038984)\n - Report missing/optional files as 'not found' rather than 'error'.\n (bsc#1047785)\n - Document support for custom repository variables defined in\n /etc/zypp/vars.d.\n - Emphasize that it depends on how fast PackageKit will respond to a\n 'quit' request sent if PK blocks package management.\n\n libgcrypt:\n\n - Fix infinite loop in gnome-keyring-daemon caused by attempt to read from\n random device left open by libgcrypt. (bsc#1043333)\n - Avoid seeding the DRBG during FIPS power-up selftests. (bsc#1046659)\n - Fix a bug in gcry_drbg_healthcheck_sanity() which caused skipping some\n of the tests. (bsc#1046659)\n - dlsym returns PLT address on s390x, dlopen libgcrypt20.so before calling\n dlsym. (bsc#1047008)\n\n lua51:\n\n - Add Lua(API) and Lua(devel) symbols to fix building of lua51-luasocket.\n (bsc#1051626)\n\n cyrus-sasl:\n\n - Fix unknown authentication mechanism: kerberos5 (bsc#1026825)\n - Really use SASLAUTHD_PARAMS variable (bsc#938657)\n - Make sure /usr/sbin/rcsaslauthd exists\n - Add /usr/sbin/rcsaslauthd symbolic link to /usr/sbin/service\n (bsc#1014471)\n - Silence "GSSAPI client step 1" debug log message (bsc#1044840)\n\n libxml2:\n\n - CVE-2017-8872: Out-of-bounds read in htmlParseTryOrFinish. (bsc#1038444)\n\n curl:\n\n - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a\n denial of service. (bsc#1051644)\n - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial\n of service. (bsc#1051643)\n\n ncurses:\n\n - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964)\n - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry.\n (bsc#1047965)\n - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses\n 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858,\n bsc#1049344)\n\n sed:\n\n - Don't terminate with a segmentation fault if close of last file\n descriptor fails. (bsc#954661)\n\n openssl:\n\n - Remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE to address SWEET32\n problem. (bsc#1027908)\n - Use getrandom syscall instead of reading from /dev/urandom to get at\n least 128 bits of entropy to comply with FIPS 140.2 IG 7.14.\n (bsc#1027079 bsc#1044175)\n - Fix x86 extended feature detection (bsc#1029523)\n - Allow runtime switching of s390x capabilities via the "OPENSSL_s390xcap"\n environmental variable. (bsc#1028723)\n - Add back certificate initialization set_cert_key_stuff() which was\n removed in a previous update. (bsc#1028281)\n - Fix a bug in XTS key handling. (bsc#1019637)\n - Don't run FIPS power-up self-tests when the checksum files aren't\n installed. (bsc#1042392)\n\n procps:\n\n - Don't set buffering on invalid file descriptor. (bsc#1053409)\n\n expat:\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading\n to unexpected behaviour. (bsc#1047240)\n - CVE-2017-9233: External Entity Vulnerability could lead to denial of\n service. (bsc#1047236)\n\n systemd:\n\n - Revert fix for bsc#1004995 which could have caused boot failure on LVM\n (bsc#1048605)\n - compat-rules: drop the bogus 'import everything' rule (bsc#1046268)\n - core: use an AF_UNIX/SOCK_DGRAM socket for cgroup agent notification\n (bsc#1045384 bsc#1047379)\n - udev/path_id: introduce support for NVMe devices (bsc#1045987)\n - compat-rules: Don't rely on ID_SERIAL when generating 'by-id' links for\n NVMe devices. (bsc#1048679)\n - fstab-generator: Handle NFS "bg" mounts correctly. (bsc#874665,\n fate#323464)\n - timesyncd: Don't use compiled-in list if FallbackNTP has been configured\n explicitly.\n\n insserv-compat:\n\n - Add /etc/init.d hierarchy from former "filesystem" package. (bsc#1035062)\n - Fix directory argument parsing. (bsc#944903)\n - Add perl(Getopt::Long) to list of requirements.\n\n mariadb:\n\n - Update libmysqlclient18 from version 10.0.30 to 10.0.31.\n\n python-pycrypto:\n\n - CVE-2013-7459: Fixed a potential heap buffer overflow in ALGnew\n (bsc#1017420).\n\n velum:\n\n - Fix loopback IP for proxy exception during initial configuration.\n (bsc#1052759)\n - Set secure flag in cookie. (bsc#1050484)\n - Set VERSION to 1.0.0. (bsc#1050396)\n - Allow kubeconfig download when master is ready. (bsc#1048483)\n\n", "cvss3": {}, "published": "2017-09-14T21:11:54", "type": "suse", "title": "Security update for CaaS Platform 1.0 images (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-9233", "CVE-2017-10685", "CVE-2016-9063", "CVE-2017-11112", "CVE-2017-8872", "CVE-2017-3456", "CVE-2017-11113", "CVE-2017-7436", "CVE-2017-3309", "CVE-2017-1000101", "CVE-2017-3308", "CVE-2017-3453", "CVE-2017-1000100", "CVE-2017-3464", "CVE-2017-7435", "CVE-2017-10684", "CVE-2013-7459", "CVE-2017-9269"], "modified": "2017-09-14T21:11:54", "id": "SUSE-SU-2017:2470-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00047.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-11T05:54:20", "description": "The SUSE Linux Enterprise Server 12 SP2 container image has been updated\n to include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 are now included in the base\n image. A package/CVE cross-reference is available below.\n\n bash:\n\n - CVE-2016-9401\n\n expat:\n\n - CVE-2012-6702\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n curl:\n\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n glibc:\n\n - CVE-2017-1000366\n\n openssl:\n\n - CVE-2017-3731\n - CVE-2017-3732\n - CVE-2016-7055\n\n pam:\n\n - CVE-2015-3238\n\n apparmor:\n\n - CVE-2017-6507\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libgcrypt:\n\n - CVE-2017-7526\n\n libxml2:\n\n - CVE-2016-1839\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-0663\n - CVE-2017-5969\n - CVE-2017-7375\n - CVE-2017-7376\n - CVE-2017-8872\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n libzypp:\n\n - CVE-2017-9269\n - CVE-2017-7435\n - CVE-2017-7436\n\n openldap2:\n\n - CVE-2017-9287\n\n systemd:\n\n - CVE-2016-10156\n - CVE-2017-9217\n - CVE-2017-9445\n\n util-linux:\n\n - CVE-2016-5011\n - CVE-2017-2616\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n zypper:\n\n - CVE-2017-7436\n\n Finally, the following packages received non-security fixes:\n\n - binutils\n - cpio\n - cryptsetup\n - cyrus-sasl\n - dbus-1\n - dirmngr\n - e2fsprogs\n - gpg2\n - insserv-compat\n - kmod\n - libsolv\n - libsemanage\n - lvm2\n - lua51\n - netcfg\n - procps\n - sed\n - sg3_utils\n - shadow\n\n", "cvss3": {}, "published": "2017-10-11T03:08:09", "type": "suse", "title": "Security update for SLES 12-SP2 Docker image (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-7407", "CVE-2017-9233", "CVE-2016-9840", "CVE-2017-7375", "CVE-2017-10685", "CVE-2017-9445", "CVE-2016-9063", "CVE-2016-5300", "CVE-2017-11112", "CVE-2017-5969", "CVE-2016-9318", "CVE-2016-7055", "CVE-2017-3731", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-2616", "CVE-2017-8872", "CVE-2012-6702", "CVE-2015-3238", "CVE-2017-9048", "CVE-2017-11113", "CVE-2017-3732", "CVE-2017-7376", "CVE-2017-7436", "CVE-2017-1000101", "CVE-2016-9401", "CVE-2017-7526", "CVE-2017-1000366", "CVE-2016-1839", "CVE-2017-0663", "CVE-2016-9843", "CVE-2017-9047", "CVE-2016-9597", "CVE-2017-9217", "CVE-2016-10156", "CVE-2017-1000100", "CVE-2016-9586", "CVE-2016-5011", "CVE-2017-7435", "CVE-2016-9841", "CVE-2016-2037", "CVE-2017-9287", "CVE-2017-6507", "CVE-2016-4658", "CVE-2017-10684", "CVE-2017-9269", "CVE-2017-9050"], "modified": "2017-10-11T03:08:09", "id": "SUSE-SU-2017:2701-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00012.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ics": [{"lastseen": "2022-10-26T00:13:46", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 8.2**\n * **ATTENTION: **Low attack complexity\n * **Vendor:** Hitachi Energy\n * **Equipment: **Transformer Asset Performance Management (APM) Edge\n * **Vulnerability:** Reliance on Uncontrolled Component\n\n## 2\\. UPDATE OR REPOSTED INFORMATION\n\nThis updated advisory is a follow-up to the original advisory titled \u201cICSA-21-336-06 Hitachi Energy APM Edge\u201d that was published December 02, 2021, on the ICS webpage on cisa.gov/ics.\n\n## 3\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause the product to become inaccessible.\n\n## 4\\. TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\nHitachi Energy reports this vulnerability affects the following APM product versions:\n\n * APM Edge Version 1.0\n * APM Edge Version 2.0\n * APM Edge Version 3.0\n\n### 4.2 VULNERABILITY OVERVIEW\n\n**\\--------- Begin Update A part 1 of 2 ---------**\n\n#### 4.2.1 **[RELIANCE ON UNCONTROLLED COMPONENT CWE-1357](<https://cwe.mitre.org/data/definitions/1357.html>)**\n\n**\\--------- End Update A part 1 of 2 ---------**\n\nHitachi Energy is aware of public reports of this vulnerability in the following open-source software components: OpenSSL, LibSSL, libxml2 and GRUB2 bootloader. The vulnerability also affects some APM Edge products. An attacker who successfully exploits this vulnerability could cause the product to become inaccessible. \n \n[CVE-2021-3449](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3449>), [CVE-2020-1971](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1971>), [CVE-2019-1563](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1563>), [CVE-2019-1549](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1549>), [CVE-2019-1547](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1547>), [CVE-2021-23840](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23840>), [CVE-2021-23841](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23841>), [CVE-2017-8872](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8872>), [CVE-2019-20388](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20388>), [CVE-2020-24977](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24977>), [CVE-2021-3516](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3516>), [CVE-2021-3517](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3517>), [CVE-2021-3518](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3518>), [CVE-2021-3537](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3537>), [CVE-2021-3541](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3541>), [CVE-2020-10713](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10713>), [CVE-2020-14308](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14308>), [CVE-2020-14309](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14309>), [CVE-2020-14310](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14310>), [CVE-2020-14311](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14311>), [CVE-2020-15705](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705>), [CVE-2020-15706](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15706>), [CVE-2020-15707](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15707>), [CVE-2020-14372](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14372>), [CVE-2020-25632](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25632>), [CVE-2020-27749](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749>), [CVE-2020-27779](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27779>), [CVE-2021-20225](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20225>), and [CVE-2021-20233](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20233>) have been assigned to the vulnerability in these components. \nA CVSS v3 base score of 8.2 has been calculated for the worst case; the CVSS vector string is ([AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H>)).\n\n### 4.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Energy\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Switzerland\n\n### 4.4 RESEARCHER\n\nHitachi Energy reported to CISA that Transformer APM Edge contains open-source components with these known vulnerabilities.\n\n## 5\\. MITIGATIONS\n\nHitachi Energy recommends users update to Transformer APM Edge v4.0. This version updates the software components to remediate this vulnerability.\n\nHitachi Energy recommends the following security practices and firewall configurations to help protect process control networks from attacks that originate from outside the network:\n\n * Physically protect process control systems from direct access by unauthorized personnel. \n * Do not directly connect to the Internet.\n * Separated from other networks by means of a firewall system that has a minimal number of ports exposed.\n * Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.\n * Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.\n\nPlease see Hitachi Energy advisory [8DBD000057](<https://search.abb.com/library/Download.aspx?DocumentID=8DBD000057&LanguageCode=en&DocumentPartId=&Action=Launch>) for additional mitigation and update information.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-21-336-06>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-02T00:00:00", "type": "ics", "title": "Hitachi Energy APM Edge (Update A)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8872", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1563", "CVE-2019-20388", "CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-14372", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707", "CVE-2020-1971", "CVE-2020-24977", "CVE-2020-25632", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-3449", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3537", "CVE-2021-3541"], "modified": "2022-10-18T00:00:00", "id": "ICSA-21-336-06", "href": "https://www.us-cert.gov/ics/advisories/icsa-21-336-06", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:2141-1)
